Lucygurrll

November 27, 2012

Hi,

I did run Malwarebytes.

This is the latest log from it

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.26.03

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

Toshiba :: TOSHIBA-PC [administrator]

27/11/2012 1:52:52 PM

mbam-log-2012-11-27 (13-52-52).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 206774

Time elapsed: 4 minute(s), 40 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

November 26, 2012

Also, I can't afford much, but I would love to send 10 bucks at least

November 26, 2012

# AdwCleaner v1.604 - Logfile created 11/26/2012 at 20:57:25

# Updated 23/04/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)

# User : Toshiba - TOSHIBA-PC

# Running from : C:\Users\Toshiba\AppData\Local\Temp\installer.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\Toshiba\AppData\Local\Conduit

Folder Deleted : C:\Users\Toshiba\AppData\LocalLow\BabylonToolbar

Folder Deleted : C:\Users\Toshiba\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Toshiba\AppData\Roaming\Babylon

Folder Deleted : C:\Users\Toshiba\AppData\Roaming\OpenCandy

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\ProgramData\SweetIM

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\SweetIM

File Deleted : C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\lvsm3vng.default\searchplugins\MyStart Search.xml

File Deleted : C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\lvsm3vng.default\searchplugins\SweetIm.xml

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\SweetIm

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKLM\SOFTWARE\Babylon

Key Deleted : HKLM\SOFTWARE\Conduit

Key Deleted : HKLM\SOFTWARE\Software

Key Deleted : HKLM\SOFTWARE\SweetIM

Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils

Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Classes\sim-packages

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [sweetIM]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [sweetpacks Communicator]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-GB)

Profile name : default

File : C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\lvsm3vng.default\prefs.js

C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\lvsm3vng.default\user.js ... Deleted !

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=113480&tt=010712_2&babsrc=NT_ss&mn[...]

Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");

Deleted : user_pref("extensions.4faaf2a291247.scode", "\n(function(){var bdomains={\"premiumreports.info\":1,\[...]

Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);

Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=113480&tt=01071[...]

Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationThankYouPage", true);

Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationTime", 1341567030);

Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.searchUserConifrmation", false[...]

Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.setHomepage", false);

Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.setNewTab", false);

Deleted : user_pref("extensions.crossriderapp4479.4479.InstallationUserSettings.setSearch", false);

Deleted : user_pref("extensions.crossriderapp4479.4479.active", true);

Deleted : user_pref("extensions.crossriderapp4479.4479.addressbar", "");

Deleted : user_pref("extensions.crossriderapp4479.4479.affid", "0");

Deleted : user_pref("extensions.crossriderapp4479.4479.backgroundjs", "\n\n/**********************************[...]

Deleted : user_pref("extensions.crossriderapp4479.4479.backgroundver", 2);

Deleted : user_pref("extensions.crossriderapp4479.4479.can_run_bg_code", true);

Deleted : user_pref("extensions.crossriderapp4479.4479.certdomaininstaller", "");

Deleted : user_pref("extensions.crossriderapp4479.4479.changeprevious", false);

Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]

Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallationTime.value", "1341567030");

Deleted : user_pref("extensions.crossriderapp4479.4479.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]

Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]

Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_aoi.value", "1341567030");

Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]

Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_hotfix20111102645.value", "%221%22");

Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]

Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]

Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]

Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_parent_zoneid.value", "%2241449%22");

Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]

Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_product_id.value", "%221242%22");

Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]

Deleted : user_pref("extensions.crossriderapp4479.4479.cookie._GPL_zoneid.value", "%2253466%22");

Deleted : user_pref("extensions.crossriderapp4479.4479.description", "Save big with Giant Savings! Coupons dis[...]

Deleted : user_pref("extensions.crossriderapp4479.4479.domain", "");

Deleted : user_pref("extensions.crossriderapp4479.4479.emailsig", "");

Deleted : user_pref("extensions.crossriderapp4479.4479.enablesearch", false);

Deleted : user_pref("extensions.crossriderapp4479.4479.exposesites", "");

Deleted : user_pref("extensions.crossriderapp4479.4479.fbremoteurl", "");

Deleted : user_pref("extensions.crossriderapp4479.4479.group", 0);

Deleted : user_pref("extensions.crossriderapp4479.4479.homepage", "");

Deleted : user_pref("extensions.crossriderapp4479.4479.iframe", false);

Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]

Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]

Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]

Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_appVer.value", "15");

Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]

Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_lastVersion.value", "0");

Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]

Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_meta.value", "%7B%7D");

Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.expiration", "Sun Jul 22[...]

Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_nextCheck.value", "true");

Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]

Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_queue.value", "%7B%7D");

Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_remote_resources.expiration", "Fri[...]

Deleted : user_pref("extensions.crossriderapp4479.4479.internaldb.Resources_remote_resources.value", "%7B%22re[...]

Deleted : user_pref("extensions.crossriderapp4479.4479.js", "\nvar _GPL_PID=1171,_GPL_baseCDN=\"giantsavings-a[...]

Deleted : user_pref("extensions.crossriderapp4479.4479.manifesturl", "");

Deleted : user_pref("extensions.crossriderapp4479.4479.name", "Giant Savings");

Deleted : user_pref("extensions.crossriderapp4479.4479.newtab", "");

Deleted : user_pref("extensions.crossriderapp4479.4479.opensearch", "");

Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]

Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.name", "base");

Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_1.ver", 2);

Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]

Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.name", "CrossriderAppUtils");

Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_13.ver", 1);

Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]

Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.name", "CrossriderUtils");

Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_14.ver", 1);

Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_15.code", "(function(f){var u={};var e=M[...]

Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_15.name", "FacebookFFIE");

Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_15.ver", 1);

Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.code", "(function(f,b){if(typeof(b)==[...]

Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.name", "FFAppAPIWrapper");

Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_16.ver", 3);

Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]

Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.name", "jQuery");

Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_17.ver", 1);

Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...]

Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.name", "debug");

Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_21.ver", 1);

Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]

Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.name", "resources");

Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_22.ver", 1);

Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]

Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.name", "initializer");

Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_28.ver", 1);

Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...]

Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.name", "jquery_1_7_1");

Deleted : user_pref("extensions.crossriderapp4479.4479.plugins.plugin_4.ver", 2);

Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_0", "17,14,16");

Deleted : user_pref("extensions.crossriderapp4479.4479.plugins_lists.plugins_1", "17,14,13,16,15,4,1,21,22,28"[...]

Deleted : user_pref("extensions.crossriderapp4479.4479.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]

Deleted : user_pref("extensions.crossriderapp4479.4479.pluginsversion", 4);

Deleted : user_pref("extensions.crossriderapp4479.4479.premium", true);

Deleted : user_pref("extensions.crossriderapp4479.4479.publisher", "215 Apps");

Deleted : user_pref("extensions.crossriderapp4479.4479.searchstatus", 0);

Deleted : user_pref("extensions.crossriderapp4479.4479.setnewtab", false);

Deleted : user_pref("extensions.crossriderapp4479.4479.settingsurl", "");

Deleted : user_pref("extensions.crossriderapp4479.4479.thankyou", "");

Deleted : user_pref("extensions.crossriderapp4479.4479.updateinterval", 360);

Deleted : user_pref("extensions.crossriderapp4479.4479.ver", 15);

Deleted : user_pref("extensions.crossriderapp4479.apps", "4479");

Deleted : user_pref("extensions.crossriderapp4479.bic", "1385ef57f50e5c0a95dc8aff2469e1f2");

Deleted : user_pref("extensions.crossriderapp4479.cid", 4479);

Deleted : user_pref("extensions.crossriderapp4479.firstrun", false);

Deleted : user_pref("extensions.crossriderapp4479.hadappinstalled", true);

Deleted : user_pref("extensions.crossriderapp4479.installationdate", 1341622944);

Deleted : user_pref("extensions.crossriderapp4479.lastcheck", 22381950);

Deleted : user_pref("extensions.crossriderapp4479.lastcheckitem", 22382151);

Deleted : user_pref("extensions.crossriderapp4479.misc.lastBgWorkerTimer", "1341628465125");

Deleted : user_pref("extensions.crossriderapp4479.misc.lastDomWorkerTimer", "1341628465118");

Deleted : user_pref("extensions.crossriderapp4479.modetype", "production");

Deleted : user_pref("extensions.engine@conduit.com.install-event-fired", true);

Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]

Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://search.babyl[...]

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

November 26, 2012

Hi!

Please find the attached log.

AdwCleanerS1.txt

November 26, 2012

Hi!!

I am infected! This is a computer used by myself and my father and I have university work due soon, so any help you can offer would be much appreciated.

I will be ever so grateful

Attach.rar

DDS.txt

Sign In

Lucygurrll

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Posts posted by Lucygurrll

I'm infected - please help

I'm infected - please help

I'm infected - please help

I'm infected - please help

I'm infected - please help

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information